
"The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
Phillip Toshio Sudo, Zen Computer
Have faith, but lock your door.

According to what I've found on the net, pacisoft is a startup infection, so there is something in the registry referencing that folder location and looking for a startup or startup config file. Hijackthis may miss it.

If safemode won't get you where you want to go, you might want to look at the Windows version of UltimateBootCD (http://www.ubcd4win.com/) and try to analyze the registry and file system from that. It is possible that the infection is hiding registry keys or other things from you even in Safemode.

The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.

you see that mpestfat9.sys file in system32 folder? hmm i cannot seem to locate it even when revealing hidden files. so how do i go about deleting that i wonder? noticed the date time stamp on the reg keys and the sys file and the folder all correspond to 9-27-05. seemingly these are all culprits, but mysteriously evading my hand of wrath.

i downloaded the ultimate boot cd off that page, but i am not gonna use that just yet until i know what i am doing. thanks.

oh by the way i managed to delete those windows services detected on the Root kit scan by going into the registry and manually deleting them.

would if i could

i would if i could, but it's not visible so the thing is i dunno how to do that. it's deemed ghostware as opposed to spyware. i am waiting on sir babis to try to help me figure out how i can manipulate the file. he helped me locate it thus far so that's half the battle, but if i can manage to manipulate the file somehow yeah i can send it to you.

i tried to type in attrib -a -h -r -s c:\windows\system32\mpestfat9.sys
but it says file not found.

About the only way you are going to get to the Registry and file system and nail these bad boys is to boot from a CD that allows you to edit the hidden registry keys, and the hidden file system stuff. The boot CD I pointed you to will do that. BTDT, got the t-shirt.

not sure

I fixed my problem because:

I just made a crucial discovery of an error i made. i was looking in the wrong directory for mpestfat9.sys. seemingly i was thinking it was located in C:\WINDOWS\SYSTEM32, but it was in fact located in C:\WINDOWS\SYSTEM32\DRIVERS

by deleting the sys file i was able to also delete unismith folder in safe mode and boot up successfully in normal mode. sorry for all the fuss.

also these 3 hidden registry directories do not show up anymore when i scan with rootkit revealer. so problem is fixed 100%
HKLM\SOFTWARE\CqiU2ACteU6m
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSK116X
HKLM\SYSTEM\ControlSet001\Services\MSK116x

thanks all for help especially sir babis for the rootkit revealer program. it proved to be invaluable.